Linux Format forums
Help, discussion, magazine feedback and more

Arrgh...Now ive gone and done it??

 
GeordieJedi
LXF regular


Joined: Thu Jun 14, 2007 11:36 pm
Posts: 335
Location: North East England

Posted: Mon Dec 31, 2007 6:22 pm    Post subject: Arrgh...Now ive gone and done it??

Hi all. Sorry to bother you, but I was having a bit of trouble and I thought I'd ask for some advice.

(Btw I'm running XP on the laptop.)
I was surfing the net on the laptop when I got an alert that a trojan was trying to establish a connection.
(So I'm thinking it's already on the laptop??) Kaspersky has supposedly identified the threat and neutralised it.

However, I'm now really paranoid and I have been googling the various processes from Task Manager
(but the different websites seem to contradict one another).

Here is a list of the more suspicious items in Task Manager.

csrss.exe
Isass.exe ?
PDSched.exe
smss.exe
WZQPICK.EXE
wuaclt.exe

-> MsPMSPSv.exe is an interesting one, as I googled it, got an entry that looked almost exactly the same, and got diverted to the Sophos website. I followed the instructions very carefully and (made a backup of the registry first) then looked round for the supposed file. I never found the offending file but now I'm really starting to worry.

I've run Trojan Remover. Done a full system scan and it says it's now clean.

So, any ideas? Any help would be VERY much appreciated. Thanks in advance :oops:
flashdangerpants
LXF regular


Joined: Sat Jan 14, 2006 6:56 pm
Posts: 101

Posted: Mon Dec 31, 2007 7:09 pm    Post subject: RE: Arrgh...Now ive gone and done it??

Isass.exe is a virus called Optix Pro, but Lsass.exe is good. so try to be sure which you have there. if you have the virus then i assume you will have both processes running.

the others all look like perfectly sensible processes to me?

if you are still worried you should run hijackthis http://www.whatthetech.com/hijackthis/ and get an expert to look at the logs. i don't know where the experts are to be found though. personally i just assume my windows install is infected with crud like trojans and spyware and never use it for anything important. so i don't worry much about exactly which fleas it has.
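A check for the lookalike naming raised in the reply above (Isass.exe with a capital I against lsass.exe), as an added example that is not part of any forum post. The `KNOWN_GOOD` baseline and the function names are assumptions made for illustration; the sample names are the ones spelled out in the first post.

```python
# Added example: flag process names that imitate Windows system processes.
# KNOWN_GOOD is an assumed baseline, not a list taken from the thread.
KNOWN_GOOD = {"csrss.exe", "lsass.exe", "smss.exe", "svchost.exe",
              "services.exe", "winlogon.exe", "wuauclt.exe"}

# Characters that look alike in many fonts, folded to one representative.
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})

def skeleton(name):
    """Lowercase (Windows file names ignore case), then fold lookalikes."""
    return name.lower().translate(FOLD)

SKELETONS = {skeleton(good): good for good in KNOWN_GOOD}

def within_one_edit(a, b):
    """True if a turns into b with at most one insert, delete or substitute."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character: a substitution when the lengths are
    # equal, an insertion into the longer string otherwise.
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def classify(name):
    """Return (verdict, baseline_name_or_None) for one process name."""
    low = name.lower()
    if low in KNOWN_GOOD:
        # Name match only; it does not prove the file behind it is genuine.
        return ("known", low)
    if skeleton(low) in SKELETONS:
        return ("lookalike", SKELETONS[skeleton(low)])
    for good in sorted(KNOWN_GOOD):
        if within_one_edit(low, good):
            return ("lookalike", good)
    return ("unlisted", None)

# Process names as spelled in the first post of the thread.
REPORTED = ["csrss.exe", "Isass.exe", "PDSched.exe", "smss.exe",
            "WZQPICK.EXE", "wuaclt.exe", "MsPMSPSv.exe"]

if __name__ == "__main__":
    for proc in REPORTED:
        verdict, target = classify(proc)
        print(f"{proc:14} {verdict:10} {target or ''}")
```

A "lookalike" verdict only says the spelling is close to a baseline name without matching it, which covers both an imitation and a name mistyped while copying it from Task Manager.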
pootman
LXF regular


Joined: Tue Jan 09, 2007 12:25 pm
Posts: 430
Location: Scotland, North of England

Posted: Mon Dec 31, 2007 9:03 pm    Post subject: Re: RE: Arrgh...Now ive gone and done it??

flashdangerpants wrote:

the others all look like perfectly sensible processes to me?

How can you be sure without knowing what software he had running at the time?
flashdangerpants wrote:
personally i just assume my windows install is infected with crud like trojans and spyware and never use it for anything important. so i don't worry much about exactly which fleas it has.

Oh, I see now, you're a programmer at Microsoft.
_________________
This signature has been produced using traditional writing methods on behalf of The Campaign For Real Slogans.
To enjoy this signature at its best, adjust your monitor's resolution to 1024x768.
wyliecoyoteuk
LXF regular


Joined: Sun Apr 10, 2005 11:41 pm
Posts: 3445
Location: Birmingham, UK

Posted: Mon Dec 31, 2007 9:27 pm    Post subject: RE: Re: RE: Arrgh...Now ive gone and done it??

Sorry, but shouldn't you be asking this on a Windows site?
They are more likely to be practiced at dealing with viruses. (after all we Linux ppl don't know what they are)
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
Marrea
LXF regular


Joined: Fri Apr 08, 2005 10:32 pm
Posts: 1873
Location: Chilterns, West Hertfordshire

Posted: Mon Dec 31, 2007 10:40 pm    Post subject: Re: RE: Re: RE: Arrgh...Now ive gone and done it??

wyliecoyoteuk wrote:
Sorry, but shouldn't you be asking this on a Windows site?


I was thinking the selfsame thing myself. ;)
flashdangerpants
LXF regular


Joined: Sat Jan 14, 2006 6:56 pm
Posts: 101

Posted: Mon Dec 31, 2007 11:05 pm    Post subject: Re: RE: Arrgh...Now ive gone and done it??

pootman wrote:
flashdangerpants wrote:

the others all look like perfectly sensible processes to me?

How can you be sure without knowing what software he had running at the time?

well one of them is roxio perfectdisk, another is windows update client, then there's winzip, and a couple of processes that are part of windows itself and shouldn't be disabled. i would say that none of those sound very suspicious.
GeordieJedi
LXF regular


Joined: Thu Jun 14, 2007 11:36 pm
Posts: 335
Location: North East England

Posted: Tue Jan 01, 2008 12:22 pm    Post subject: RE: Re: RE: Arrgh...Now ive gone and done it??

Thank you all very much, esp flashdangerpants. Any help is much appreciated.

That's put my mind at rest a little bit...
The reason I'm eager to get this sorted is that it's not my computer, it's my brother's and I don't want to let him down by getting the thing infected with some virus/trojan crap.

Marrea + Wyliecoyote. You're probably right, although I had already posted to a couple of forums and had received no response, so I thought I'd try here on the "Other OS" board, and hey..waddaya know. Even hardened Linux fans help me out. Just goes to show.

Thanks.
flashdangerpants
LXF regular


Joined: Sat Jan 14, 2006 6:56 pm
Posts: 101

Posted: Tue Jan 01, 2008 1:10 pm    Post subject: RE: Re: RE: Arrgh...Now ive gone and done it??

i know the feeling. i reinstalled windows for my mum, went to download firefox for it and managed to infect the bloody thing with big lumps of spyware just by mistyping the url. went from clean to infested in less than 2 minutes :(
ollie
Moderator


Joined: Mon Jul 25, 2005 12:26 pm
Posts: 2749
Location: Bathurst NSW Australia

Posted: Thu Jan 03, 2008 8:23 am    Post subject: Re: RE: Re: RE: Arrgh...Now ive gone and done it??

flashdangerpants wrote:
went from clean to infested in less than 2 minutes :(


My record is 53 seconds - new install infected doing Windows Update! :x I'm much more careful about when I plug the network cable into a PC when I'm installing Windows for clients :x Now it is after I have installed and updated the AntiVirus/Internet Security software.
All times are GMT

Copyright 2011 Future Publishing, all rights reserved.